
Hiding Encryption and Credit Card Numbers in Plaintext With Format Preserving Encryption


We can normally spot when something is encrypted, as it looks like either Base64 or hex characters. But why can’t we convert our ciphertext into a form that looks a bit more like the characters we would expect to see? And could we obfuscate our credit card details into a form that still looks like a credit card number, but which has actually been encrypted, so that the real number can only be revealed with a secret password? Well, we can do this, and the magic method is Format Preserving Encryption (FPE). In this example, we will define a character set for the output format, and use an encryption key derived from a password with PBKDF2.

Outline

Within tokenization, we can apply format-preserving encryption (FPE) methods, which convert our data into a format that still looks valid, but which cannot be mapped to the original value. For example, we could hide Bob’s credit card details in another valid credit card number, which would not reveal his real number. A tokenization server could then convert the real credit card number into a format which still looks valid. For this, we have a key which takes the data and converts it into a form which is the same length as the original.
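The idea described above (an output character set plus a key derived from a password with PBKDF2) can be sketched as follows. This is an added example, not the article's own code: it uses a simplified alternating Feistel network with HMAC-SHA256 as the round function rather than the NIST FF1/FF3-1 modes, and every name in it (`derive_key`, `fpe_encrypt`, `fpe_decrypt`, the round count) is an assumption made for illustration.

```python
import hashlib
import hmac

# Illustrative Feistel FPE (assumption: not NIST FF1/FF3-1, not the article's code).
DIGITS = "0123456789"  # output character set; any alphabet of unique characters works
ROUNDS = 10

def derive_key(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Stretch the password into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def _num(s: str, alphabet: str) -> int:  # string -> base-len(alphabet) integer
    n = 0
    for ch in s:
        n = n * len(alphabet) + alphabet.index(ch)
    return n

def _str(n: int, length: int, alphabet: str) -> str:  # integer -> fixed-length string
    out = []
    for _ in range(length):
        n, r = divmod(n, len(alphabet))
        out.append(alphabet[r])
    return "".join(reversed(out))

def _prf(key: bytes, rnd: int, total: int, half: str) -> int:
    """Keyed round function: HMAC over the round number, input length and one half."""
    msg = f"{rnd}|{total}|{half}".encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")

def _feistel(key: bytes, text: str, alphabet: str, decrypt: bool) -> str:
    if len(text) < 2 or any(c not in alphabet for c in text):
        raise ValueError("input must be 2+ characters, all from the alphabet")
    n, u = len(text), len(text) // 2
    a, b = text[:u], text[u:]
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if i % 2 == 0 else n - u  # length of the half rewritten this round
        if decrypt:
            c = (_num(b, alphabet) - _prf(key, i, n, a)) % len(alphabet) ** m
            a, b = _str(c, m, alphabet), a
        else:
            c = (_num(a, alphabet) + _prf(key, i, n, b)) % len(alphabet) ** m
            a, b = b, _str(c, m, alphabet)
    return a + b

def fpe_encrypt(key: bytes, text: str, alphabet: str = DIGITS) -> str:
    return _feistel(key, text, alphabet, decrypt=False)

def fpe_decrypt(key: bytes, text: str, alphabet: str = DIGITS) -> str:
    return _feistel(key, text, alphabet, decrypt=True)
```

The same key and input always produce the same token, and a digits-only token will generally not carry a valid Luhn check digit, so it looks like a card number without passing card validation.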


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
